On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval

Attribute Based Access Control (ABAC) is becoming the reference model for the specification and evaluation of access control policies. In ABAC, policies and access requests are defined in terms of attribute name/value pairs. The applicability of an ABAC policy to a request is determined by matching the attributes in the request with the attributes in the policy. Some languages supporting ABAC, such as PTaCL or XACML 3.0, take into account the possibility that some attribute values might not be correctly retrieved when the request is evaluated, and use complex decisions, usually describing all possible evaluation outcomes, to account for missing attributes. In this paper, we argue that the problem of missing attributes in ABAC can be seen as a non-deterministic attribute retrieval process, and we show that the current evaluation mechanism in PTaCL or XACML can return a complex decision that does not necessarily match the actual possible outcomes. This, however, is problematic for the enforcing mechanism, which needs to resolve the complex decision into a conclusive one. We propose a new evaluation mechanism, explicitly based on non-deterministic attribute retrieval for a given request. We extend this mechanism to probabilistic attribute retrieval and implement a probabilistic policy evaluation mechanism for PTaCL in PRISM, a probabilistic model-checker.
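The idea of evaluating a request under non-deterministic and then probabilistic attribute retrieval can be illustrated with a short sketch. This is an added example, not code from the paper: the toy deny-overrides policy, the attribute names, the retrieval probabilities and the assumption that each attribute goes missing independently are all constructed for illustration and are not PTaCL, XACML or PRISM.

```python
from itertools import combinations

# Constructed toy policy (not PTaCL/XACML syntax): each rule is
# (effect, set of attribute pairs that must be present), deny-overrides.
RULES = [
    ("deny", {("status", "suspended")}),
    ("permit", {("role", "doctor")}),
]
# Constructed full request and per-attribute retrieval probabilities.
REQUEST = {("role", "doctor"), ("status", "suspended")}
P_RETRIEVE = {"role": 0.9, "status": 0.8}

def evaluate(retrieved):
    """Decide using only the attributes that were actually retrieved."""
    effects = {effect for effect, target in RULES if target <= retrieved}
    if "deny" in effects:
        return "deny"
    return "permit" if "permit" in effects else "not-applicable"

def retrievals(request):
    """Every subset of the request that retrieval could deliver."""
    items = sorted(request)
    for size in range(len(items) + 1):
        for kept in combinations(items, size):
            yield frozenset(kept)

def possible_decisions(request):
    """Non-deterministic retrieval: the set of reachable decisions."""
    return {evaluate(got) for got in retrievals(request)}

def decision_distribution(request, p_retrieve):
    """Probabilistic retrieval: attributes arrive independently."""
    dist = {}
    for got in retrievals(request):
        prob = 1.0
        for attr in request:
            p = p_retrieve[attr[0]]
            prob *= p if attr in got else 1.0 - p
        decision = evaluate(got)
        dist[decision] = dist.get(decision, 0.0) + prob
    return dist

if __name__ == "__main__":
    print(sorted(possible_decisions(REQUEST)))
    print(decision_distribution(REQUEST, P_RETRIEVE))
```

With these constructed numbers the request that should be denied is permitted whenever the `status` attribute fails to arrive and `role` does, which is the fail-open outcome an enforcement point has to account for when it resolves a decision.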
